Semi-automatic synthesis of security policies by invariant-guided abduction

Authors:
Clément Hurlin;Hélène Kirchner
Affiliations:
INRIA Bordeaux-Sud-Ouest, Talence, France and Microsoft R&D France, Issy-les-Moulineaux, France;INRIA Bordeaux-Sud-Ouest, Talence, France
Venue:
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Year:
2010

Citing 11
Cited 0

The temporal logic of actions

ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models

Computer
The B-book: assigning programs to meanings

The B-book: assigning programs to meanings
An Abductive Approach for Analysing Event-Based Requirements Specifications

ICLP '02 Proceedings of the 18th International Conference on Logic Programming
A Complete, Nonredundant Algorithm for Reversed Skolemization

Proceedings of the 5th Conference on Automated Deduction
Role-Based Access Control

Role-Based Access Control
Zenon: an extensible automated theorem prover producing checkable proofs

LPAR'07 Proceedings of the 14th international conference on Logic for programming, artificial intelligence and reasoning
The role of abduction in declarative authorization policies

PADL'08 Proceedings of the 10th international conference on Practical aspects of declarative languages
Isabelle/HOL: a proof assistant for higher-order logic

Isabelle/HOL: a proof assistant for higher-order logic
Specifying and reasoning about dynamic access-control policies

IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
A logic for state-modifying authorization policies

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a specification approach of secured systems as transition systems and security policies as constraints that guard the transitions. In this context, security properties are expressed as invariants. Then we propose an abduction algorithm to generate possible security policies for a given transition-based system. Because abduction is guided by invariants, the generated security policies enforce security properties specified by these invariants. In this framework we are able to tune abduction in two ways in order to: (i) filter out bad security policies and (ii) generate additional possible security policies. Invariant-guided abduction helps designing policies and thus allows using formal methods much earlier in the process of building secured systems. This approach is illustrated on role-based access control systems.